Changing the world, one person at a time…

23 December 2004

Recently, a guy wrote an interesting blog: How can I trust Firefox?. Basically he went to explain why installing Firefox is not a safe process. He works for Microsoft (no wonder) and he is not even a coder (no wonder), so it is normal for him to have a soft spot for their products.

One logical answer to that question is: Can I Trust Internet Explorer? I for one don’t trust it a bit and find that downloading and installing Firefox is well worth the risk. Of course, he did all his experiment in Windows, which is not a safe neighborhood anyway. Under most Linux distribution, Firefox is already included. And any updates from the vendor to Firefox are digitally signed by GnuPG. So, none of his rants are valid within Linux environment.

I also find his rant about Verisign signing certificate very funny. It doesn’t matter if Internet Explorer ultimately trusts Verisign certificate while most of the world don’t. Microsoft does its users a disservice if they choose to trust Verisign certificate. Do you trust Verisign? I don’t. So, if Internet Explorer trusts Verisign, why should I trust Internet Explorer? Furthermore, all the signing certificate does is to ensure that the package really comes from the right vendor and it’s not tampered on the way (I’m not trying to downplay the importance of this issue, by the way). It doesn’t prevent a malicious vendor who is willing to spend a few hundred dollars to get a signing (some spyware creators do!). It also doesn’t prevent bug in software, a bug in signed software can easily be used by malicious code to execute as the signed software behalf.

He did however point out some problems in Firefox that warrant a fix. Should be easy enough for Firefox developer. Almost all of his points was trivial (but important nonetheless), like dialog boxes defaulting to OK. Expect the next update of Firefox will contain these fixes.

No Response

Trackback: Use this URI to trackback this entry. Use your web browser's function to copy it to your blog posting.

Comment RSS: You can track conversation in this page by using this page's Comments RSS

Gravatar: You can have a picture next to each of your comments by getting a Gravatar.